I have for the moment two sources of data, Netflow from my router and Collectd from my server.

By default all the data comes into Logstash perfectly and goes out to Elastic in the same index "logstash-%{YYYY.MM.DD}".

The data flow works fine, but Kibana can't map both data flows in a single index because the type of data is different for some fields.

That's why I am trying to send the data flows to two different indexes.

From Kibana I installed X-Pack and set up a new user named "logstash_internal" with the role "logstash_writer", which has all privileges (Cluster Privileges => all, Index Privileges => *, Privileges => all).

I made the following config file for Logstash to push the data in two new indexes:

But Elasticsearch doesn't create the new indexes. And when I check here: http://127.0.0.1:9200/_cat/indices?v and in Timelion in Kibana, the data flow is not received anymore and the indexes "lg-OpenWrt-%{+YYYY.MM.dd}" and "lg-Monitor-%{+YYYY.MM.dd}" don't exist.

My guess would be that the logstash_internal user does not have sufficient privileges to create new indices. An example of what a Logstash indexing role can look like is available here. Replace the logstash-* index pattern with something that matches your indices.
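To illustrate the point about the index pattern, here is an added example (not code from the thread or from Elastic) that checks offline whether a role body would permit creating the two index names from the question. The role bodies, the sample date and the helper names `can_create` and `report` are constructed for illustration; pattern matching is simplified to `*` and `?` wildcards, and only the `all` and `create_index` index privileges are treated as allowing creation.

```python
from fnmatch import fnmatchcase

# Index privileges treated here as allowing index creation (simplified assumption).
CREATE_PRIVS = {"all", "create_index"}

# Constructed role bodies in the JSON shape of an Elasticsearch role definition.
# First: a Logstash writer role that only covers the default logstash-* pattern.
ROLE_DEFAULT_PATTERN = {
    "cluster": ["manage_index_templates", "monitor"],
    "indices": [
        {"names": ["logstash-*"], "privileges": ["write", "create_index"]}
    ],
}

# Second: the same role with the pattern replaced to match the new index names.
ROLE_LG_PATTERN = {
    "cluster": ["manage_index_templates", "monitor"],
    "indices": [
        {"names": ["lg-*"], "privileges": ["write", "create_index"]}
    ],
}

# Index names as Logstash would render them for a constructed sample date.
TARGETS = ["lg-OpenWrt-2018.01.15", "lg-Monitor-2018.01.15"]


def can_create(role, index_name):
    """Return True if any grant in the role covers index_name with a create privilege."""
    for grant in role.get("indices", []):
        if not CREATE_PRIVS & set(grant.get("privileges", [])):
            continue  # this grant does not allow creating indices
        # Case-sensitive wildcard match of the index name against each pattern.
        if any(fnmatchcase(index_name, pat) for pat in grant.get("names", [])):
            return True
    return False


def report(role, index_names):
    """Map each index name to whether the role would allow creating it."""
    return {name: can_create(role, name) for name in index_names}


if __name__ == "__main__":
    for label, role in (("logstash-* role", ROLE_DEFAULT_PATTERN),
                        ("lg-* role", ROLE_LG_PATTERN)):
        for name, allowed in report(role, TARGETS).items():
            print(f"{label}: {name} -> {'allowed' if allowed else 'denied'}")
```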